- Trusted messaging platforms are now the easiest entry point for attackers.
- Spam is no longer noise; it actively enables successful phishing attacks
- Phishing links dominate because they blend into everyday communication flows
Commercial spam spreads mainly through compromised accounts and free email services like Gmail, and because many users place a lot of trust in these platforms, the spam thrives.
VIPRE Security Group’s Q1 2026 Email Threat Trends Report claims that commercial spam now accounts for 46% of all spam observed globally, with 33% delivered through compromised accounts and an additional 32% originating from widely used free email hosting services.
Approximately two-thirds of this spam originated from US-based infrastructure, which also remains the primary target of these campaigns, accounting for 60% of all commercial spam volume.
Commercial spam fuels phishing and user fatigue
Commercial spam is not just a nuisance. It wears users down through email fatigue, increasing their chances of falling for phishing attempts.
As inboxes fill up, employees become desensitized, increasing the likelihood that they will respond to malicious messages without proper review.
To accelerate this effect, attackers rely on misleading subject lines, aggressive language, and urgent promotions designed to trigger rapid responses.
This same psychological pressure directly fuels phishing campaigns, which accounted for nearly 26% of all spam during this period.
In these attacks, malicious links remain the most effective weapon, appearing in more than half of all phishing emails analyzed.
Beyond that, abused URLs made up over 89% of the phishing infrastructure, demonstrating a clear preference for manipulating legitimate-looking links.
This is why brands like Microsoft continue to be heavily spoofed, often via “open redirects” that start on trusted domains before leading to malicious destinations.
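One way a mail filter could flag the open-redirect pattern described above, as an added example that is not part of the original article or the VIPRE report: it reports links on an allowlisted domain whose query string or fragment carries a URL for a different domain. The `trusted.example` allowlist, the function names and the sample links are constructed assumptions.

```python
from urllib.parse import parse_qsl, unquote, urlsplit

# Assumption: placeholder allowlist; use the domains your users actually trust.
TRUSTED_SUFFIXES = ("trusted.example",)

def host_matches(host, suffix):
    # Exact host or a true subdomain, so "nottrusted.example" does not match.
    return host == suffix or host.endswith("." + suffix)

def embedded_host(value):
    """Host of an absolute URL carried in a parameter value, else None."""
    for _ in range(3):                    # peel nested percent-encoding
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    value = value.strip()
    if value.startswith("//"):            # scheme-relative redirect target
        value = "https:" + value
    try:
        parts = urlsplit(value)
    except ValueError:                    # malformed value, nothing to report
        return None
    if parts.scheme in ("http", "https") and parts.hostname:
        return parts.hostname.lower()
    return None

def redirect_candidates(url):
    """(parameter, target host) pairs where a link on a trusted domain
    carries a URL for a different domain in its query or fragment."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    trusted = next((s for s in TRUSTED_SUFFIXES if host_matches(host, s)), None)
    if trusted is None:
        return []
    pairs = parse_qsl(parts.query) + parse_qsl(parts.fragment)
    return [(name, target) for name, value in pairs
            if (target := embedded_host(value)) and not host_matches(target, trusted)]

# Constructed sample links (not taken from the report).
SAMPLES = [
    "https://www.trusted.example/go?url=https%3A%2F%2Fphish.test%2Flogin",
    "https://trusted.example/r?next=https%253A%252F%252Fphish.test%252Fa",
    "https://www.trusted.example/go?url=https%3A%2F%2Fhelp.trusted.example%2F",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", redirect_candidates(link))
```

A hit is a signal for closer inspection rather than a verdict, since legitimate services also pass off-domain URLs in parameters.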
Attackers evade detection with reliable infrastructure
As detection tools improve at identifying newly registered domains, attackers are adjusting their approach rather than slowing down.
“Attackers are boldly using sophisticated techniques to evade detection, while resorting to emotional triggers to manipulate and break trust,” says Usman Choudhary, managing director of VIPRE Security Group.
“Organizations must strengthen their messaging defenses and rethink how trust is built across all channels to combat these threats… There is no room for complacency.”
Instead of creating new domains, cybercriminals now rely on familiar, reputable web addresses to blend in and avoid arousing suspicion.
Going further, attackers are increasingly using Cloudflare to hide phishing links behind CAPTCHAs and bot protection systems.
By doing so, they prevent security scanners from reaching the actual malicious content, while also making emails more trustworthy in the eyes of users.
Along with these tactics, callback phishing continues to gain ground as a reliable method of deception.
These campaigns often use fake invoices, subscription renewals, or urgent account alerts to trick victims into making contact.
Unfortunately, free email service providers like Gmail have little incentive to aggressively filter commercial spam when determining user engagement metrics.
As a result, even the most secure email tools struggle when user behavior creates additional exposure points, and many threats appear to come from legitimate sources.
Until companies enforce strict policies on acceptable email use and deploy modern detection tools that analyze behavior rather than just content, fatigue will continue to grow and the clicks will continue to flow.